We perform targeted security research of: browsers, client-server applications, operating systems and devices. Additionally we develop security software to aid both red team and blue team operations.
Our team found and responsibly disclosed multiple vulnerabilities in high-profile software from major vendors such as:
Mostly we deliver non-standard, tailored solutions for demanding customers. Our services include targeted security research of: browsers, client-server applications, operating systems and various devices (mobile, IT/OT/IoT). We develop custom software for our customers for both offensive and defensive purposes.
Sample security bugs in popular software identified by our core team:
Our vast experience in identifying security vulnerabilities is confirmed by acknowledgments by such companies as Apple, Google or Microsoft. Apart from that we have experience working as security researchers. Due to the nature of this work most of it is not public and only some of those are confirmed with CVE identifiers. We have identified multiple vulnerabilities in top browsers, server applications, web/mobile applications, embedded devices and operating systems. Our team specializes in delivering dedicated research in order to discover previously unidentified security flaws and develop new techniques. We are able to identify vulnerabilities in both open and closed source software. Our main areas of expertise are:
Many of the bugs identified by us were found by using fuzzing. We have several years of experience in creating dedicated fuzzing software that is used for identified so called 0-day vulnerabilities and are able to provide custom solutions to our customers. The fuzzer can for example target specific software, module or a network protocol. We can also help with optimizing already existing solutions that are based on popular public fuzzing solutions such as American Fuzzy Lop (AFL) or Peach Fuzzer.
Thanks to our broad experience in the cybersecurity field, we can offer many non standard offensive and defensive services. In case a service was not listed on the website or you have some special requirements feel free to contact us.
We deliver advanced technical consulting services covering multiple aspects of cybersecurity from red team to blue team. Thanks to a diverse experience in IT security we are able to look at a wider perspective during engagements. Our abilities come from many years of work experience in cybersecurity and are confirmed with certificates, publications, advisories and references from our customers.
Security testing of IT/OT/IoT/SCADA. Verification of security for both infrastructure and applications including web, mobile and client-server.
Real-life attack simulations starting from technical aspects, social engineering to physical security. We perform Advanced Persistent Threat (APT) simulations.
Audits covering broad scope, including procedures, software architecture, source code audits, configuration reviews and vulnerability assessment.
Searching for active cyber threats, proactive digital forensics aimed for detecting attackers in the organisation. Service delivered as a form of constant monitoring and as a last line of SOC.
Criminal forensics: securing digital evidence, analysing traces of activity, digital forensics, log analysis, events, RAM analysis. Additionally secure data removal.
Wide experience in identifying security vulnerabilities in popular software. We are able to conduct targeted security research for both software and IT/OT/IoT devices.